diff --git a/main/survey/survey.download.inc.php b/main/survey/survey.download.inc.php index fdbaa7284c..3890da47bf 100644 --- a/main/survey/survey.download.inc.php +++ b/main/survey/survey.download.inc.php @@ -13,21 +13,20 @@ function check_download_survey($course, $invitation, $doc_url) { - require_once 'survey.lib.php'; + require_once 'survey.lib.php'; // Getting all the course information $_course = CourseManager::get_course_information($course); + $course_id = $_course['real_id']; // Database table definitions - $table_survey = Database :: get_course_table(TABLE_SURVEY, $_course['db_name']); - $table_survey_question = Database :: get_course_table(TABLE_SURVEY_QUESTION, $_course['db_name']); - $table_survey_question_option = Database :: get_course_table(TABLE_SURVEY_QUESTION_OPTION, $_course['db_name']); - $table_course = Database :: get_main_table(TABLE_MAIN_COURSE); - $table_user = Database :: get_main_table(TABLE_MAIN_USER); - $table_survey_invitation = Database :: get_course_table(TABLE_SURVEY_INVITATION, $_course['db_name']); + $table_survey = Database :: get_course_table(TABLE_SURVEY); + $table_survey_question = Database :: get_course_table(TABLE_SURVEY_QUESTION); + $table_survey_question_option = Database :: get_course_table(TABLE_SURVEY_QUESTION_OPTION); + $table_survey_invitation = Database :: get_course_table(TABLE_SURVEY_INVITATION); // Now we check if the invitationcode is valid - $sql = "SELECT * FROM $table_survey_invitation WHERE invitation_code = '".Database::escape_string($invitation)."'"; + $sql = "SELECT * FROM $table_survey_invitation WHERE c_id = $course_id AND invitation_code = '".Database::escape_string($invitation)."'"; $result = Database::query($sql); if (Database::num_rows($result) < 1) { Display :: display_error_message(get_lang('WrongInvitationCode'), false); @@ -48,7 +47,7 @@ function check_download_survey($course, $invitation, $doc_url) { // Fetch survey ID // If this is the case there will be a language choice - $sql = "SELECT * FROM $table_survey WHERE code='".Database::escape_string($survey_invitation['survey_code'])."'"; + $sql = "SELECT * FROM $table_survey WHERE c_id = $course_id AND code='".Database::escape_string($survey_invitation['survey_code'])."'"; $result = Database::query($sql); if (Database::num_rows($result) > 1) { if ($_POST['language']) { @@ -70,29 +69,27 @@ function check_download_survey($course, $invitation, $doc_url) { $survey_invitation['survey_id'] = $row['survey_id']; } - $sql = "select count(*) from $table_survey where survey_id = ".$survey_invitation['survey_id']." + $sql = "SELECT count(*) FROM $table_survey WHERE c_id = $course_id AND survey_id = ".$survey_invitation['survey_id']." and ( title LIKE '%$doc_url%' or subtitle LIKE '%$doc_url%' or intro LIKE '%$doc_url%' or surveythanks LIKE '%$doc_url%' ) - union select count(*) from $table_survey_question where survey_id = ".$survey_invitation['survey_id']." + union select count(*) from $table_survey_question where c_id = $course_id AND survey_id = ".$survey_invitation['survey_id']." and ( survey_question LIKE '%$doc_url%' or survey_question_comment LIKE '%$doc_url%' ) - union select count(*) from $table_survey_question_option where survey_id = ".$survey_invitation['survey_id']." + union select count(*) from $table_survey_question_option where c_id = $course_id AND survey_id = ".$survey_invitation['survey_id']." and ( option_text LIKE '%$doc_url%' )"; $result = Database::query($sql); - if (Database::num_rows($result) == 0) { Display :: display_error_message(get_lang('WrongInvitationCode'), false); Display :: display_footer(); exit; } - return $_course; -} +} \ No newline at end of file